<?
require_once(dirname(__FILE__) . '/../config.php');
require_once(APPLICATION_ROOT . "/db.php");

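// Admin login gate: hashes the POSTed password, compares it with the
// configured hash and, on success, sets the admin cookie and redirects to the
// admin area. On a missing or wrong password, the login form is printed and
// the script stops.

// NOTE(review): FILTER_SANITIZE_STRING is deprecated as of PHP 8.1 and rewrites
// the submitted value (strips tags, encodes quotes) before it is hashed. It is
// kept because BSDDS_ADMIN_PASSWORD_HASHED may have been derived from a value
// transformed the same way. Confirm that, then switch to FILTER_UNSAFE_RAW.
$password = filter_input(INPUT_POST, 'password', FILTER_SANITIZE_STRING);

// The cast keeps sha1() from receiving null/false when no password was posted.
// NOTE(review): unsalted SHA-1 is a fast hash and is not suitable for password
// storage. Moving to password_hash()/password_verify() needs a new stored
// value in config.php, so it is flagged here rather than changed.
$password_hashed = sha1((string) $password);

// PHP_SELF includes any client-supplied path info, and FILTER_SANITIZE_URL
// leaves quotes and angle brackets intact, so the value is HTML-escaped before
// it is placed in the form's action attribute.
$this_page = htmlspecialchars(
	(string) filter_input(INPUT_SERVER, 'PHP_SELF', FILTER_SANITIZE_URL),
	ENT_QUOTES,
	'UTF-8'
);

// hash_equals() is a strict, constant-time string comparison. The previous
// loose `!=` let two different numeric-looking hex digests (for example
// "0e..." strings) compare as equal.
$authenticated = $password
	&& hash_equals((string) BSDDS_ADMIN_PASSWORD_HASHED, $password_hashed);

if (!$authenticated) {
	print <<<PASSWORD
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
	<head>
		<title>Administration</title>
	</head>
	<body>
		<form action="{$this_page}" method="POST">
			<p>Please enter the administrator's password:</p>
			<input type="password" name="password">
			<input type="submit" value="Submit">
		</form>
	</body>
</html>
PASSWORD;

	// Show the error only when a password was actually submitted.
	if ($password) {
		echo "Invalid password.";
	}
	die();
}

// NOTE(review): the cookie value is the password hash itself, so the cookie is
// a password-equivalent credential for as long as the password is unchanged.
// A random server-side session token would be safer, but that requires
// changing whatever code reads this cookie, which is not visible here.
// HttpOnly keeps the value away from page scripts. Secure is set whenever the
// request itself arrived over HTTPS.
$is_https = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
setcookie("admin_password", $password_hashed, time() + 3600, "", "", $is_https, true);

header("Location: " . WEB_ROOT . "admin/");
exit;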

?>